{"id":839,"date":"2022-08-29T10:31:00","date_gmt":"2022-08-29T17:31:00","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=839"},"modified":"2022-08-29T10:33:45","modified_gmt":"2022-08-29T17:33:45","slug":"phishing-from-8-29-22-item-shared-with-you-admin","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/839","title":{"rendered":"Phishing from 8\/29\/22: &#8220;Item shared with you: &#8216;ADMIN'&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Message<\/p>\n\n\n\n<p><strong><em>NOTE: If you received this message, it is NOT legitimate. Do not follow the link.<\/em><\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"798\" height=\"659\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/08\/8-29-22-google-docs-phish.png\" alt=\"\" class=\"wp-image-840\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/08\/8-29-22-google-docs-phish.png 798w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/08\/8-29-22-google-docs-phish-300x248.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/08\/8-29-22-google-docs-phish-768x634.png 768w\" sizes=\"auto, (max-width: 798px) 100vw, 798px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>This message may be difficult to spot as it takes the form of a real Google Document share. Look for mismatches between the actual sender&#8217;s name\/email address (e.g. James Wilson has shared the following item) versus the name mentioned in the description of the document share (e.g. Isiaah Crawford sent a request to view the file).<\/li><li>Notice that the individual sharing the document is\u00a0<strong><em>outside\u00a0<\/em><\/strong>Puget Sound. When you see the yellow\/orange banner in a Google Drive share email that says \u201c[<em>email address<\/em> <em>or name<\/em>] is outside your organiztion\u201d, please use extra caution.<\/li><li>Many phishing attempts utilize legitimate cloud collaboration services such as Google Drive, OneDrive, Dropbox, etc. Frequently, the shared document will include a note to click a link to open the actual document \u2013 however, this link will generally lead to a site that asks for your credentials (e.g. fake login website, web form).<\/li><li>If you\u2019re not expecting a shared document, use extra caution before clicking on the link.<\/li><\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>If you would like to prevent an email address from being able to use Google Drive to share files with you, you can block them:&nbsp;<a href=\"https:\/\/support.google.com\/drive\/answer\/10613533\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/support.google.com\/drive\/answer\/10613533<\/a>.<\/p><\/blockquote>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p><strong>From:<\/strong> James Wilson (via Google Drive) &lt;drive-shares-dm-noreply[@]google[.]com><br><strong>Subject: <\/strong>Item shared with you: &#8220;ADMIN&#8221;<\/p>\n\n\n\n<p>James Wilson shared an item<\/p>\n\n\n\n<p>James Wilson (wilsonj[@]region-12[.]org) has shared the following item:<\/p>\n\n\n\n<p>Fwd: Isiaah Crawford sent a request to view the file.<\/p>\n\n\n\n<p>Isiaah Crawford<br>President<br>University of Puget Sound<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message NOTE: If you received this message, it is NOT legitimate. Do not follow the link. Tips for Detection This message may be difficult to spot as it takes the form of a real Google Document share. Look for mismatches between the actual sender&#8217;s name\/email address (e.g. James Wilson has shared the following [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":840,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-839","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=839"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/839\/revisions"}],"predecessor-version":[{"id":843,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/839\/revisions\/843"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/840"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}